k8ssandra/cass-operator

cass-operator's `spec.podTemplateSpec.spec.tolerations` is overwritten by `spec.tolerations` without error message

Opened this issue · 1 comments

hoyhbx commented

What happened?

We were specify the tolerations for the podTemplateSpec through the field spec.podTemplateSpec.spec.tolerations but our configuration was overwritten by another field in the CR spec.tolerations without notice or warning.

Did you expect to see something different?

We expect our input to be rejected with clear error message up front, if the desired behavior of the handling of spec.podTemplateSpec.spec.tolerations is to be overwritten by spec.tolerations.

How to reproduce it (as minimally and precisely as possible):

  1. Deploy the cass-operator
  2. Deploy CassandraDB with the following CR yaml
apiVersion: cassandra.datastax.com/v1beta1
kind: CassandraDatacenter
metadata:
  name: test-cluster
spec:
  clusterName: cluster1
  podTemplateSpec:
    spec:
      containers: []
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
        operator: Exists

Environment

  • Cass Operator version:

    v1.10.3

  • Kubernetes version information:

    Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:41:01Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.0", GitCommit:"4ce5a8954017644c5420bae81d72b09b735c21f0", GitTreeState:"clean", BuildDate:"2022-05-19T15:39:43Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}

  • Kubernetes cluster kind:

    kind

  • Manifests:

Shown above in the reproduce section

  • Cass Operator Logs:
insert Cass Operator logs relevant to the issue here

Anything else we need to know?:
The root cause is at

cass-operator/pkg/reconciliation/construct_podtemplatespec.go

Line 635 in a6054d2

baseTemplate.Spec.Tolerations = dc.Spec.Tolerations

One possible fix is to add a check in the admission webhook which rejects the CR if the field spec.podTemplateSpec.spec.tolerations is not empty.
An alternative is to add a error level log message near

cass-operator/pkg/reconciliation/construct_podtemplatespec.go

Line 635 in a6054d2

baseTemplate.Spec.Tolerations = dc.Spec.Tolerations
to print error in log to indicate that the toleration is overwritten by another field.

┆Issue is synchronized with this Jira Story by Unito

burmanm commented

The usage of PodTemplateSpec in cass-operator is generally undocumented and not recommended, there are multiple fields which are overwritten or modified without passing them directly to the pods and that's by design. For normal use cases, there should be no need to use PodTemplateSpec.

The controller-runtime does not allow warning validations in webhooks as of yet without a significant rewrite, until kubernetes-sigs/controller-runtime#1896 is implemented.

We would probably add a warning for all PodTemplateSpec usages. As of now, we do not intend to support it or ensure backwards compatibility when using PodTemplateSpec. If you have a real reason to use it which isn't supported otherwise in the CRD, please create a feature request.